Latest revision as of 18:10, 4 February 2014

Description

Cloneable classes are effectively open classes since data cannot be hidden in them.

Consequences

Confidentiality: An instance of a class which can be cloned can be produced without executing the constructor.

Exposure period

Implementation: This is a coding-style issue; the defensive practice needs to be adopted throughout the implementation of each class.

Platform

Languages: Java

Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

Classes which do not explicitly deny cloning can be cloned by any other class without running the constructor. This is, of course, dangerous since numerous checks and security aspects of an object are often taken care of in the constructor.
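
The behaviour described above, as an added Java example that is not part of the original page: a second instance is obtained through `Object.clone()` without the constructor check running again, shown beside a hardened class whose `final` `clone()` always throws. All class names (`CloneDemo`, `Session`, `CloneableSession`, `SafeSession`, `SafeSub`) are hypothetical.

```java
public class CloneDemo {
    // Weak: non-final class that does not explicitly deny cloning.
    static class Session {
        static int constructorRuns = 0;          // counts constructor executions
        private final String user;
        Session(String user) {
            if (user == null || user.isEmpty())  // check lives only in the constructor
                throw new IllegalArgumentException("user required");
            constructorRuns++;
            this.user = user;
        }
    }

    // Any subclass can opt in to cloning. Object.clone() copies the fields
    // of the existing object and never invokes a constructor.
    static class CloneableSession extends Session implements Cloneable {
        CloneableSession(String user) { super(user); }
        @Override public CloneableSession clone() throws CloneNotSupportedException {
            return (CloneableSession) super.clone();
        }
    }

    // Hardened: clone() is final and always refuses, so no subclass can
    // reach Object.clone() through it or override it.
    static class SafeSession {
        private final String user;
        SafeSession(String user) { this.user = user; }
        @Override protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("SafeSession cannot be cloned");
        }
    }

    // A subclass that tries the same opt-in against the hardened class.
    static class SafeSub extends SafeSession implements Cloneable {
        SafeSub(String user) { super(user); }
        Object tryClone() throws CloneNotSupportedException { return super.clone(); }
    }

    public static void main(String[] args) throws Exception {
        CloneableSession a = new CloneableSession("alice");
        CloneableSession b = a.clone();
        System.out.println("distinct objects: " + (a != b));
        System.out.println("constructor runs: " + Session.constructorRuns);
        try {
            new SafeSub("alice").tryClone();
        } catch (CloneNotSupportedException e) {
            System.out.println("hardened class refused: " + e.getMessage());
        }
    }
}
```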